When using WordPress to Buffer Pro (or WordPress toBuffer), the Plugin will connect to two third party API services:
- WP Zinc
When following the Authentication steps,Buffer sends a request to our API once you have logged intoBuffer.
Our API takes that request, and sends a response with what is called a Client Secret. This is a super-specific, Plugin password. In return,Buffer grants an Access Token, which permits our Plugin to post status updates to yourBuffer account. This is a safe and secure authentication method, ensuring that your login credentials are never shared with us.
This Access Token is then returned to your WordPress installation, and you will see an on screen message confirming
This is required, because:
- We cannot share our Client Secret in our Plugin code. Doing so would potentially enable a malicious user to control any number of authenticatedBuffer accounts.
- Buffer’s API requires a single, static URL to redirect to once a user has logged into Buffer. Given that our Plugin can be installed on any WordPress web site (and therefore the redirect could be any URL), this extra step ensures smooth authentication.
Your login process is directly with Buffer, who never share your credentials. Furthermore, we never store any information on our web site or API during this process.
Once you have authenticated with Buffer, status updates will be sent to the Buffer REST API, depending on how you have configured the Plugin.
The data sent will also depend on the fields that you are including with your status updates – for example, your Post’s Title, URL, Excerpt etc.
If Logging is enabled, the results of the status update from Buffer are stored in the Post metadata.